This article goes over the EC2 Security Group ingress rules for SFTP Gateway.
SFTP runs on port 22, which is open to the world.
You can restrict IP address ranges on a per-user basis from within the web admin portal.
The SSH protocol (port 2222) and the web admin portal (443) should be restricted to System Administrators.
SFTP Gateway exposes the following ports and protocols:
The SFTP protocol runs on TCP port 22. By default, this is open to the world.
Within the web admin portal, you can restrict IP address ranges on a per-user basis.
The SSH protocol has been moved to TCP port 2222. (Remember to specify the port number when connecting via SSH.) This port should be restricted to SysAdmins.
443 are used for the Web Admin Portal.
It's important to restrict these ports to SysAdmins as well, because the Web Admin Portal
lets you create an admin account on first launch.
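One way to check a Security Group against the guidance above is to scan its ingress rules for the SSH port (2222) or the web admin portal port (443) being reachable from any address. The following is an added example, not code from SFTP Gateway. It assumes the rules are in the `IpPermissions` shape returned by the EC2 DescribeSecurityGroups API; the function name and the sample rules are constructed for illustration.

```python
import ipaddress

# Ports this article says should be limited to SysAdmins. Port 22 (SFTP) is
# left out on purpose: it is open to the world by default.
ADMIN_PORTS = {2222: "SSH", 443: "Web Admin Portal"}


def world_open_admin_ports(ip_permissions):
    """Return sorted (port, service, cidr) tuples for admin ports open to any address."""
    findings = set()
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto == "-1":                     # "-1" = all protocols, all ports
            low, high = 0, 65535
        elif proto == "tcp":                  # both admin services are TCP
            low, high = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        else:
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every address.
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue
            for port, service in ADMIN_PORTS.items():
                if low <= port <= high:       # also catches wide port ranges
                    findings.add((port, service, cidr))
    return sorted(findings)


# Constructed sample rules (documentation address ranges, not a real deployment).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                 # SFTP, open by default
    {"IpProtocol": "tcp", "FromPort": 2222, "ToPort": 2222,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},            # SSH, restricted
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # range covers 2222
]

if __name__ == "__main__":
    for port, service, cidr in world_open_admin_ports(SAMPLE_RULES):
        print(f"port {port} ({service}) is open to {cidr}")
```

An empty result means neither admin port is exposed to the world through a CIDR rule; rules that reference other security groups or prefix lists are not evaluated here.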
Here's a table of the various ports and protocols.